package com.hns.frame.security;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;

import com.hns.frame.enumrate.LoginErrorPage;
/**
 * 退出或者登录失败时返回的登录界面
 * @author:Fisher
 * @email:zhuangcaijin@126.com
 * @version Revision 2.0.0
 */
public class AppUrlAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
    protected final Log      logger               = LogFactory.getLog(getClass());
    private String           defaultFailureUrl;
    private boolean          forwardToDestination = false;
    private boolean          allowSessionCreation = true;
    private RedirectStrategy redirectStrategy     = new DefaultRedirectStrategy();
    
    public AppUrlAuthenticationFailureHandler() {
    }
    
    public AppUrlAuthenticationFailureHandler(String defaultFailureUrl) {
        setDefaultFailureUrl(defaultFailureUrl);
    }
    
    /**
     * 访问失败的时候返回的登录页
     * @param request
     * @param response
     * @param exception
     * @throws IOException
     * @throws ServletException
     * @see org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler#onAuthenticationFailure(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.springframework.security.core.AuthenticationException)
     * @author:Fisher
     * @email:zhuangcaijin@126.com
     */
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
        String company = request.getParameter("company");
        if (LoginErrorPage.LOGIN_YL.getFlag().equals(company)) {
            setDefaultFailureUrl(LoginErrorPage.LOGIN_YL.getUrl());
        } else {
            setDefaultFailureUrl(LoginErrorPage.LOGIN.getUrl());
        }
        saveException(request, exception);
        if (this.forwardToDestination) {
          request.getRequestDispatcher(this.defaultFailureUrl).forward(request, response);
        } else {
          this.redirectStrategy.sendRedirect(request, response, this.defaultFailureUrl);
        }
    }
    
    public void setDefaultFailureUrl(String defaultFailureUrl) {
        Assert.isTrue(UrlUtils.isValidRedirectUrl(defaultFailureUrl), "'" + defaultFailureUrl + "' is not a valid redirect URL");
        
        this.defaultFailureUrl = defaultFailureUrl;
    }
    
    protected boolean isUseForward() {
        return this.forwardToDestination;
    }
    
    public void setUseForward(boolean forwardToDestination) {
        this.forwardToDestination = forwardToDestination;
    }
    
    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
        this.redirectStrategy = redirectStrategy;
    }
    
    protected RedirectStrategy getRedirectStrategy() {
        return this.redirectStrategy;
    }
    
    protected boolean isAllowSessionCreation() {
        return this.allowSessionCreation;
    }
    
    public void setAllowSessionCreation(boolean allowSessionCreation) {
        this.allowSessionCreation = allowSessionCreation;
    }
}
